NixOS Configuration
WARNING
This configuration is not meant for public usage
Install
Remote (with NixOS Anywhere)
- Clone this repository
git clone https://github.com/myned/nixos
- Enable Flakes
- Boot from NixOS minimal installer
- Create machine-specific modules in machines/MACHINE/
a. Machine configuration and hostname in default.nix
{ custom.hostname = "MACHINE"; }
b. Disko layout in disko.nix
# Verify /dev identifier on machine
lsblk
# Verify EFI/BIOS firmware on machine
[ -d /sys/firmware/efi/efivars ] && echo "UEFI" || echo "BIOS"
c. Generated hardware configuration in hardware-configuration.nix
nixos-generate-config --show-hardware-config --no-filesystems --root /mnt
- Choose profile and add machine-specific modules to flake.in.nix
MACHINE = BRANCH "ARCHITECTURE" [ ./profiles/PROFILE ./machines/MACHINE ];
- Generate and lock flake.nix with flakegen
cd nixos
git add .
nix run .#genflake flake.nix
nix flake lock
- Generate machine SSH key and rekey agenix secrets with added public key
mkdir -p tmp/etc/ssh/
ssh-keygen -t ed25519 -f tmp/etc/ssh/id_ed25519 -N '' -C root@MACHINE
cd secrets
agenix -r
- Add user SSH key to root authorized_keys on machine
# On host
cat ~/.ssh/id_ed25519.pub | wl-copy
# On machine
sudo mkdir /root/.ssh/
sudo nano /root/.ssh/authorized_keys
- Execute NixOS Anywhere
nixos-anywhere --extra-files tmp --flake .#MACHINE root@IP
- Shut down, detach ISO, and reboot
- Remove temporary files
rm -r tmp
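
A pre-flight check to run from the repository root before the nixos-anywhere step, added here as an example and not part of this repository: it confirms that the staged private key under tmp is owner-only, that its public half really is Ed25519, and that the public key is listed in the agenix rules file. The function name check_staged_key and the rules path secrets/secrets.nix (with the key written there literally) are assumptions.

```shell
#!/bin/sh
# Added example: verify the tree handed to --extra-files before installing.
# Assumption: agenix rules are in secrets/secrets.nix and list keys literally.
# Usage from the repository root:
#   check_staged_key tmp secrets/secrets.nix && echo "staged key OK"

# check_staged_key STAGE_DIR RULES_FILE
# Prints one line per problem to stderr; exit status is the problem count.
check_staged_key() {
    stage=$1 rules=$2 problems=0
    key="$stage/etc/ssh/id_ed25519"
    pub="$key.pub"

    fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

    if [ ! -f "$key" ] || [ ! -f "$pub" ]; then
        fail "missing $key or $pub"
        return "$problems"
    fi

    # The private key is unencrypted (-N ''), so file mode is its only
    # protection: it must be readable by the owner alone.
    mode=$(ls -ld "$key" | cut -c1-10)
    case $mode in
        -rw-------|-r--------) ;;
        *) fail "$key has mode $mode, expected -rw-------" ;;
    esac

    # The file name promises Ed25519; confirm the public half agrees.
    type='' blob='' comment=''
    read -r type blob comment < "$pub" || true
    [ "$type" = "ssh-ed25519" ] || fail "$pub is type '$type', not ssh-ed25519"

    # agenix -r re-encrypts only to keys named in the rules file, so a
    # machine whose key is absent there cannot decrypt its secrets.
    if [ -z "$blob" ] || [ ! -f "$rules" ]; then
        fail "cannot compare $pub against $rules"
    elif ! grep -qF -- "$blob" "$rules"; then
        fail "public key from $pub is not listed in $rules"
    fi

    return "$problems"
}
```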